Data Loss Prevention

 View Only

Use EDM to Create DLP Group Policy 

Apr 02, 2014 08:11 AM

From the previous article:

https://www-secure.symantec.com/connect/articles/create-dlp-policy-special-user-group

We introduced the method and steps to use AD to create DLP group policy.

By using AD directory connection, we can create DLP group policy based on the specific group or OU in AD. 

How can we create DLP group policy if there isn't AD, or the policy needed to be applied to the users that located in different group or OU?

We can use EDM to achieve this requirement.

By using EDM, we can create and apply group policy to any users that we needed.

For example:

there are 2 users locate in Finance OU which are finance01 and finance02, and, there are 2 users locate in Develop OU which are develop01 and develop02.

We cannot apply the DLP policy to finance01 and develop01 by using AD directory connection. But, This can be applied by using EDM Group Policy.

Here are the steps for the example:

1. Create a txt file which contains the email address we needed, such as finance01 and develop01 in our example:

EDM_Group_01.png

2. From DLP Enforce console, select 'Manage' --> 'Data Profiles' --> 'Exact Data':

EDM_Group_02.png

3. Click 'Add Exact Data Profile':

EDM_Group_03.png

4. Select 'Upload Data Source to Server Now' for the 'Data Source' section:

EDM_Group_04.png

5. Browse and select the txt file created in step1, and select 'Read first row as column names', then click 'Next':

EDM_Group_05.png

6. On the 'Field Mappings' section, select 'Email' for 'System Field':

EDM_Group_06.png

7. Select the option 'Submit Indexing Job on Save', then click 'Save' button:

EDM_Group_07.png

8. Check out the EDM profile is created successfully:

EDM_Group_08.png

9. Edit the policy, and choose 'Groups' tab, then click 'Add Rule' button:

EDM_Group_09.png

10. Select the option 'Sender/User base on a Directory from:', then select the EDM profile created on step8:

EDM_Group_10.png

11. Check out the Email field is list on the rule:

EDM_Group_11.png

12. Save the policy.

Then this policy will only be applied to the uses finance01 and develop01. The other users will not trigger this policy.

Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Apr 10, 2014 12:40 AM

Really very helpful article.

Thanks

Related Entries and Links

No Related Resource entered.